Hi, On Thu, Sep 17, 2020 at 03:11:43PM +0200, Mattia Rizzolo wrote: > A note, that ubuntu links to a different commit (the same that is > recorded at mitre). > > https://bugs.launchpad.net/debian/+source/libxml2/+bug/1895839
Well I believe that is not correct, that was the commit it was tested when reporting the issue but not actually beeing the fixing commit. The upstream report https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 contains useful information, though which leads to https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 as the fixing commit for the underlying issue in xmlint. Hope this make sense. Regards, Salvatore
